Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
26593
Views
8
Helpful
5
Replies

tcpdump equivalent

reashad
Level 1
Level 1

‎09-19-2019 06:40 AM

Hi,

is there any tcpdump like equivalent command for cisco. i want to see live packets on CLI.

1 person had this problem
Labels:
5 Replies 5

Seb Rupik
VIP Alumni
VIP Alumni

‎09-19-2019 06:47 AM

Hi there,

There is EPC for most switches:

https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-embedded-packet-capture/116045-productconfig-epc-00.html

 

...and a similar function on the ASA firewalls.

Both allow you to read the contents of the buffer, but not do great analysis. For that you need to export the buffers to PCAP and feed into wireshark off-box.

 

There isn't anything like the monitor traffic interface command from Junos.

 

cheers,

Seb.

reashad
Level 1
Level 1
In response to Seb Rupik

‎09-19-2019 11:21 AM

can you tell me from your experience that if it is CPU intensive

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to reashad

‎09-19-2019 12:34 PM

In my experience you are normally performing packet captures on fairly sizeable switches/ firewalls so the capture process has very little impact.

 

If the devices which you are looking at do not have the feature to save monitor sessions to internal buffers, you also have SPAN:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/network_management/configuration_guide/b_nm_3se_3850_cg/b_nm_3se_3850_cg_chapter_0111.html

 

Keep in mind that will be caveats/ limitations depending on platform, but it is at least available on every cisco switching platform.

 

cheers,

Seb.

reashad
Level 1
Level 1
In response to Seb Rupik

‎09-19-2019 05:00 PM

The problem is device is in Calgary and i am in Toronto and it doesn't support EPC. 

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to reashad

‎09-19-2019 11:58 PM

….in which case ERSPAN is probably not available on your device either.

 

What is the device you are trying to capture on?  Is the host traffic which is being captured routed on a device that supports EPC further upstream?

 

If not, then your best option is to have someone connect a laptop locally to the switch and configure a SPAN port which you can capture directly from.

 

cheers,

Seb.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card